I am now attempting to set up scopes, roles, and permissions for users accessing routes.
For reference, here is the example quickstart code:
// server.js
const { requiredScopes } = require('express-oauth2-jwt-bearer');
const checkScopes = requiredScopes('read:messages');
app.get('/api/private-scoped', checkJwt, checkScopes, function(req, res) {
res.json({
message: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.'
});
});
How can I access the user’s information inside of the route?
Two people might have the scope of “all:email” in their role, but depending on who that user is, the people they have access to email will vary.